3 matches found
IBM Tivoli Identity Manager SSUI跨站脚本漏洞
CVE ID: CVE-2009-3262 IBM Tivoli Identity Manager提供一个安全、自动化且基于策略的解决方案,帮助有效地管理IT环境中用户帐号、访问权限和密码的创建到终止的整个过程。 Tivoli Identity Manager的Self Service UI(SSUI)没有正确地过滤用户所提交的请求,通过认证的远程攻击者可以通过配置文件的last name字段执行跨站脚本攻击,导致注入并执行任意脚本或HTML代码。 IBM Tivoli Identity Manager 5.0 厂商补丁: IBM ---...
CVE-2009-3262
Cross-site scripting XSS vulnerability in the Self Service UI SSUI in IBM Tivoli Identity Manager ITIM 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile...
CVE-2009-3262
IBM Tivoli Identity Manager (ITIM) 5.0.0.5 Self Service UI (SSUI) is affected by a Cross-site scripting (XSS) vulnerability: remote authenticated users can inject arbitrary script/HTML via the last name field in a profile due to insufficient input filtering. Impact is XSS within authenticated ses...